Cyware is hiring a
Global Risk Compliance Manager

Summary

Join Cyware, a cybersecurity startup that unifies threat intelligence, automation, and vulnerability management with data insights. As Global Risk Compliance Manager, you will be responsible for maintaining information security compliance with applicable laws, licenses, and regulations.

Requirements

• US Citizenship is a requirement of this position in accordance with 8 U.S.C 1324b(a)(2)(C)
• Strong oral and written communication skills
• Strong problem solving and troubleshooting skills with experience exercising mature judgement
• Excellent teamwork and interpersonal skills
• General information security experience and knowledge of general security concepts, such as defense-in-depth, least privilege, security architecture and design, threat modeling, etc
• Experienced in collaborating at all levels of an enterprise
• Creativity and initiative in work product, positive and helpful attitude proposing solutions to resolve problems
• Professional and technical certifications desired but not required such as CISM or CISSP
• Ability to reach technical and non-technical audiences across all levels of the organization
• Must possess basic knowledge of networking, different operating system, endpoint devices and security devices
• Work experience related to information security and/or IT operational risk management is essential, across cloud and traditional IT patterns
• Comprehension of the regulatory and legal landscape driving privacy/information security (NY DFS, GDPR, CCPA, etc.)
• Experience in leading organizations through Information Security audits and certifications (SOC 2, FedRamp, ISO, etc.)
• A solid understanding of current technology capabilities, and a keen interest in staying abreast of emerging technology trends and information security domains
• Experience in contracting, implementing, and managing security service providers
• Experience with implementing and managing GRC software solutions for Information Security use cases

Responsibilities

• Implement and maintain procedures and controls to assure security compliance with applicable regulatory, contractual, and legal requirements as well as good business practices
• Work closely with business, technology, and compliance counterparts to understand business objectives, initiatives, and ensure alignment with cybersecurity policies and best practices
• Lead the annual security program roadmap and status reporting on initiatives and KRIs. Create presentation materials and lead discussion for key stakeholder meetings
• Ensure applicable standards and regulations pertinent to Cyware are effectively implemented and act as an advisor to all managers
• Conduct analysis of new regulations that impact the information security program
• Coordinate external reviews and/or assessments from regulators, audit firms, and client due diligence requests
• Own the security risk register and the ongoing management of inherent and residual information security risks
• Prepare heat maps and analytics of known risks
• Operationalization of a metrics and reporting function to continually report on meaningful information security risk and compliance metrics for operational and executive management
• Work closely with the VAPT team
• Create and update the hardening checklist
• Conduct global training sessions regarding information security for Cyware’s internal team

Benefits

• Comprehensive benefits package including time off, paid holidays, retirement plans, insurance coverage
• Professional development opportunities to continually report on meaningful information security risk and compliance metrics for operational and executive management
• Competitive compensation packages